New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
@inrupt/solid-client-authn-node
Advanced tools
@inrupt/solid-client-authn-node - npm Package Versions
Changelog
1.13.4 - 2023-03-16
browser
Bugfix
- v1.13.3 introduced a bug in the silent reload flow, resulting in a "Mismatching redirect URL" error when refreshing a page with an app logged in. This regression went unnoticed because of a misconfiguration of the browser-based test app that should have covered this scenario. Both issues are now resolved.
node
Bugfix
- The
Sessionexpiration date was not set in all contexts:session.info.expirationDatewasn't set properly using Client Credentials.
browser and node
New feature
-
Added
eventsattribute to theSessionclass to expose fullEventEmitterAPI with type hints for each supported event. This allows to write code such as the following:const mySession = new Session(); mySession.events.on(EVENTS.LOGIN, () => { console.log("Logged in!") });This is closer to the EventEmitter API, so it should be familiar to more developers.
Changelog
1.13.3 - 2023-03-07
browser
Bugfixes
- No longer remove the last issuer URL path component if it doesn't have a trailing slash: a bug was introduced in baac030d33163ba08dadebabdaf676450be7fa88, resulting in the issuer configuration discovery failing if the issuer URL had a path that did not end with a trailing slash. This is now fixed.
Changelog
1.13.2 - 2023-02-16
node
Bugfixes
- The Client Credential flow had a bug where the expiration time set by the OpenID Provider for the token was ignored, and an arbitrary default was applied instead. This resulted in the session being unable to make authenticated requests, but still acting as if it were logged in. The session now uses the expiration time set by the OpenID Provider.
Changelog
1.13.1 - 2023-02-15
node and browser
Dependency updates
- Updated transitive dependencies to fix GHSA-rc47-6667-2j5j
Bugfix
- The redirect URL provided to the
loginfunction was being normalized, which could result in misalignments with the redirect URLs declared in a Client Identifier document, since the latter wasn't being normalized. The normalization step has now been removed, and the redirect provided by the user is sent to the OpenID Provider unchanged.